CVE-2021-44077 : Vulnerability Insights and Analysis

Zoho ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus are vulnerable to unauthenticated remote code execution.

Understanding CVE-2021-44077

What is CVE-2021-44077?

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are susceptible to unauthenticated remote code execution via /RestAPI URLs in a servlet and ImportTechnicians in the Struts configuration.

The Impact of CVE-2021-44077

Exploitation of this vulnerability could allow remote attackers to execute arbitrary code on the affected systems.

Technical Details of CVE-2021-44077

Vulnerability Description

The vulnerability permits unauthenticated remote code execution in Zoho ManageEngine products, particularly in specific URL paths and configurations.

Affected Systems and Versions

Zoho ManageEngine ServiceDesk Plus before version 11306
ServiceDesk Plus MSP before version 10530
SupportCenter Plus before version 11014

Exploitation Mechanism

Attackers can exploit this vulnerability by sending crafted requests to the affected application, leading to the execution of malicious code.

Mitigation and Prevention

Immediate Steps to Take

Update to the latest patched versions of the affected products.
Implement network-level protections to restrict access to the vulnerable endpoints.
Monitor for any suspicious activities on the network.

Long-Term Security Practices

Regularly update and patch all software to mitigate potential vulnerabilities.
Conduct security assessments and audits to identify and address weaknesses proactively.
Educate users and administrators about secure configuration and best practices.

Patching and Updates

Apply security patches provided by Zoho ManageEngine promptly to remediate the vulnerability.